261 matches found
Information disclosure
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...
CVE-2021-22913
Nextcloud Deck prior to 1.2.7 and 1.4.1 is affected by an information disclosure vulnerability where searches for sharees are sent to the lookup server by default instead of the local Nextcloud server, unless a global search is explicitly chosen. The underlying issue is that the search requests a...
CVE-2021-22913
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...
Deck 信息泄露漏洞
Deck is a Kanban style organization tool. Designed for personal planning and project organization for teams integrated with Nextcloud. An information disclosure vulnerability exists in Deck that stems from allowing shared searches to be performed on the lookup server by default. A remote attacker...
Nextcloud deck sharee search leaks searches to lookupserver by default
None...
Nextcloud: Nextcloud deck sharee search leaks searches to lookupserver by default
So, in short this is related to the other 2 reports https://hackerone.com/reports/1167916 and https://hackerone.com/reports/1167919 While I could not find deck on your h1 page. I kind of assume it is in scope as well as this is something you sell with the 'groupware' subscription...
EFB Tampering 1. Introduction and Class Differences
TL;DR Electronic flight bags EFBs are devices that flight crews use to help with flight management tasks Different airlines use different devices e.g. iPads, netbooks, custom devices Some are carried on by flight crew, others are built-in to the cockpit Some important functions are carried out by...
Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...
Design/Logic Flaw
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference IDOR vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user...
CVE-2020-8297
CVE-2020-8297 affects Nextcloud Deck prior to 1.0.2, with an insecure direct object reference (IDOR) that lets a user with a duplicate username access deck data belonging to a previously deleted user. The issue stems from access control handling in the Deck app and is confirmed by multiple source...
Nextcloud Deck 安全漏洞
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference IDOR. An attacker could exploit the...
Nextcloud Deck Information Disclosure Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck 1.0.4, which stems from a lack of access control and can be exploited by an attacker to view all attachments...
Nextcloud Deck Access Control Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck version 0.8.0, which stems from a failure of proper access control and can be exploited by an attacker to...
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
CVE-2020-8182
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...
CVE-2020-8182
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...